Lucene search
+L

44 matches found

CNNVD
CNNVD
added 2023/12/22 12:0 a.m.8 views

TOTOLINK EX1800T 安全漏洞

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T setPasswordCfg interface, which originates from the failure of the admuser parameter of the cstecgi .cgi's setPasswordCfg interface to correctly...

9.8CVSS7.7AI score0.01049EPSS
Exploits1References2
CVE
CVE
added 2023/12/22 12:0 a.m.53 views

CVE-2023-51025

CVE-2023-51025 affects TOTOLINK EX1800T v9.1.0cu.2112_B20220316. The vulnerability is an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi.cgi, caused by inadequate filtering of constructed commands. Impact is high (arbitrary commands...

9.8CVSS9.4AI score0.01049EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2023/07/11 12:0 a.m.4 views

TOTOLINK A3300R setPasswordCfg Method Command Injection Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the admuser parameter of the setPasswordCfg method...

9.8CVSS7.6AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2023/07/07 8:15 p.m.3 views

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

9.8CVSS5.8AI score0.01958EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/07/07 8:15 p.m.5 views

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

9.8CVSS7.4AI score0.01958EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/07 12:0 a.m.6 views

TOTOLINK A3300R 操作系统命令注入漏洞

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the admuser parameter of the setPasswordCfg method...

9.8CVSS7.5AI score0.01958EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.19 views

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

10AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2023/02/14 3:15 p.m.7 views

CVE-2023-24160

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

9.8CVSS7.3AI score0.0192EPSS
Exploits1References1
Prion
Prion
added 2023/02/14 3:15 p.m.16 views

Command injection

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

7.5CVSS9.8AI score0.0192EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.7 views

TOTOLINK CA300-PoE 命令注入漏洞

The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

9.8CVSS8.4AI score0.0192EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/14 12:0 a.m.9 views

CVE-2023-24160

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

9.8AI score0.0192EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/02/14 12:0 a.m.29 views

CVE-2023-24160

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

10AI score0.0192EPSS
Exploits1References1
CVE
CVE
added 2023/02/14 12:0 a.m.63 views

CVE-2023-24160

CVE-2023-24160 affects TOTOLINK CA300-PoE firmware v6.2c.884. A command injection vulnerability exists via the admuser parameter in the setPasswordCfg function. Documents cite a high-severity impact (CVSS v3.1: 9.8, NETWORK, no user interaction). Exploitation status is not provided in the primary...

9.8CVSS9.7AI score0.0192EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/10/26 7:15 p.m.5 views

CVE-2022-42999

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm...

7.5CVSS5.8AI score0.02682EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/10/26 12:0 a.m.38 views

CVE-2022-42999

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm...

8.2AI score0.02682EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/10/26 12:0 a.m.12 views

CVE-2022-42999

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm...

8.1AI score0.02682EPSS
Exploits1References2
CVE
CVE
added 2022/10/26 12:0 a.m.78 views

CVE-2022-42999

CVE-2022-42999 affects the D-Link DIR-816 A2 router (firmware 1.10 B05). The root cause is command injection in the web API endpoint at /goform/setSysAdm, exploitable through the admuser and admpass parameters. The issue can lead to arbitrary command execution with high impact, notably a High CVS...

7.5CVSS8AI score0.02682EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/26 12:0 a.m.7 views

PT-2022-5271 · D Link · D-Link Dir-816 A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to command injection vulnerabilities. These vulnerabilities can be exploited via the admuser and admpass parameters at the "/goform/setSysAdm" API endpoint. The vulnerabilit...

7.8CVSS7.8AI score0.02682EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/05/10 2:15 p.m.3 views

CVE-2022-28915

D-Link DIR-816 A2v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm...

10CVSS5.9AI score0.06544EPSS
Exploits1References3
OSV
OSV
added 2022/05/10 2:15 p.m.4 views

CVE-2022-28915

D-Link DIR-816 A2v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm...

9.8CVSS7.3AI score0.06544EPSS
Exploits1References2
Rows per page
Query Builder